Mercurial > kallithea
changeset 6452:3dcf1f82311a
controllers: avoid setting request state in controller instances - set it in the thread global request variable
In TurboGears, controllers are singletons and we should avoid using instance
variables for any volatile data. Instead, use the "global thread local" request
context.
With everything in request, some use of c is dropped.
Note: kallithea/controllers/api/__init__.py still use instance variables that
will cause problems with TurboGears.
line wrap: on
line diff
--- a/kallithea/controllers/admin/gists.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/gists.py Sat Dec 24 01:27:47 2016 +0100 @@ -67,7 +67,7 @@ @LoginRequired() def index(self): - not_default_user = not c.authuser.is_default_user + not_default_user = not request.authuser.is_default_user c.show_private = request.GET.get('private') and not_default_user c.show_public = request.GET.get('public') and not_default_user @@ -78,17 +78,17 @@ # MY private if c.show_private and not c.show_public: gists = gists.filter(Gist.gist_type == Gist.GIST_PRIVATE) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # MY public elif c.show_public and not c.show_private: gists = gists.filter(Gist.gist_type == Gist.GIST_PUBLIC) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # MY public+private elif c.show_private and c.show_public: gists = gists.filter(or_(Gist.gist_type == Gist.GIST_PUBLIC, Gist.gist_type == Gist.GIST_PRIVATE)) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # default show ALL public gists if not c.show_public and not c.show_private: @@ -118,7 +118,7 @@ gist_type = Gist.GIST_PUBLIC if _public else Gist.GIST_PRIVATE gist = GistModel().create( description=form_result['description'], - owner=c.authuser.user_id, + owner=request.authuser.user_id, gist_mapping=nodes, gist_type=gist_type, lifetime=form_result['lifetime'] @@ -152,7 +152,7 @@ @NotAnonymous() def delete(self, gist_id): gist = GistModel().get_gist(gist_id) - owner = gist.owner_id == c.authuser.user_id + owner = gist.owner_id == request.authuser.user_id if h.HasPermissionAny('hg.admin')() or owner: GistModel().delete(gist) Session().commit()
--- a/kallithea/controllers/admin/my_account.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/my_account.py Sat Dec 24 01:27:47 2016 +0100 @@ -65,7 +65,7 @@ super(MyAccountController, self).__before__() def __load_data(self): - c.user = User.get(self.authuser.user_id) + c.user = User.get(request.authuser.user_id) if c.user.username == User.DEFAULT_USER: h.flash(_("You can't edit this user since it's" " crucial for entire application"), category='warning') @@ -77,12 +77,12 @@ repos_list = Session().query(Repository) \ .join(UserFollowing) \ .filter(UserFollowing.user_id == - self.authuser.user_id).all() + request.authuser.user_id).all() else: admin = True repos_list = Session().query(Repository) \ .filter(Repository.owner_id == - self.authuser.user_id).all() + request.authuser.user_id).all() repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list, admin=admin) @@ -92,8 +92,7 @@ def my_account(self): c.active = 'profile' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id) - c.ip_addr = self.ip_addr + c.perm_user = AuthUser(user_id=request.authuser.user_id) managed_fields = auth_modules.get_managed_fields(c.user) def_user_perms = User.get_default_user().AuthUser.permissions['global'] if 'hg.register.none' in def_user_perms: @@ -105,8 +104,8 @@ update = False if request.POST: _form = UserForm(edit=True, - old_data={'user_id': self.authuser.user_id, - 'email': self.authuser.email})() + old_data={'user_id': request.authuser.user_id, + 'email': request.authuser.email})() form_result = {} try: post_data = dict(request.POST) @@ -118,7 +117,7 @@ 'new_password', 'password_confirmation', ] + managed_fields - UserModel().update(self.authuser.user_id, form_result, + UserModel().update(request.authuser.user_id, form_result, skip_attrs=skip_attrs) h.flash(_('Your account was updated successfully'), category='success') @@ -153,10 +152,10 @@ c.can_change_password = 'password' not in managed_fields if request.POST and c.can_change_password: - _form = PasswordChangeForm(self.authuser.username)() + _form = PasswordChangeForm(request.authuser.username)() try: form_result = _form.to_python(request.POST) - UserModel().update(self.authuser.user_id, form_result) + UserModel().update(request.authuser.user_id, form_result) Session().commit() h.flash(_("Successfully updated password"), category='success') except formencode.Invalid as errors: @@ -192,8 +191,7 @@ def my_account_perms(self): c.active = 'perms' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id) - c.ip_addr = self.ip_addr + c.perm_user = AuthUser(user_id=request.authuser.user_id) return render('admin/my_account/my_account.html') @@ -209,7 +207,7 @@ email = request.POST.get('new_email') try: - UserModel().add_extra_email(self.authuser.user_id, email) + UserModel().add_extra_email(request.authuser.user_id, email) Session().commit() h.flash(_("Added email %s to user") % email, category='success') except formencode.Invalid as error: @@ -224,7 +222,7 @@ def my_account_emails_delete(self): email_id = request.POST.get('del_email_id') user_model = UserModel() - user_model.delete_extra_email(self.authuser.user_id, email_id) + user_model.delete_extra_email(request.authuser.user_id, email_id) Session().commit() h.flash(_("Removed email from user"), category='success') raise HTTPFound(location=url('my_account_emails')) @@ -241,14 +239,14 @@ (str(60 * 24 * 30), _('1 month')), ] c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] - c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id, + c.user_api_keys = ApiKeyModel().get_api_keys(request.authuser.user_id, show_expired=show_expired) return render('admin/my_account/my_account.html') def my_account_api_keys_add(self): lifetime = safe_int(request.POST.get('lifetime'), -1) description = request.POST.get('description') - ApiKeyModel().create(self.authuser.user_id, description, lifetime) + ApiKeyModel().create(request.authuser.user_id, description, lifetime) Session().commit() h.flash(_("API key successfully created"), category='success') raise HTTPFound(location=url('my_account_api_keys')) @@ -256,12 +254,12 @@ def my_account_api_keys_delete(self): api_key = request.POST.get('del_api_key') if request.POST.get('del_api_key_builtin'): - user = User.get(self.authuser.user_id) + user = User.get(request.authuser.user_id) user.api_key = generate_api_key() Session().commit() h.flash(_("API key successfully reset"), category='success') elif api_key: - ApiKeyModel().delete(api_key, self.authuser.user_id) + ApiKeyModel().delete(api_key, request.authuser.user_id) Session().commit() h.flash(_("API key successfully deleted"), category='success')
--- a/kallithea/controllers/admin/notifications.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/notifications.py Sat Dec 24 01:27:47 2016 +0100 @@ -58,8 +58,8 @@ super(NotificationsController, self).__before__() def index(self, format='html'): - c.user = self.authuser - notif = NotificationModel().query_for_user(self.authuser.user_id, + c.user = request.authuser + notif = NotificationModel().query_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) p = safe_int(request.GET.get('page'), 1) @@ -81,11 +81,11 @@ if request.environ.get('HTTP_X_PARTIAL_XHR'): nm = NotificationModel() # mark all read - nm.mark_all_read_for_user(self.authuser.user_id, + nm.mark_all_read_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) Session().commit() - c.user = self.authuser - notif = nm.query_for_user(self.authuser.user_id, + c.user = request.authuser + notif = nm.query_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) c.notifications = Page(notif, page=1, items_per_page=10) return render('admin/notifications/notifications_data.html') @@ -93,11 +93,11 @@ def update(self, notification_id): try: no = Notification.get(notification_id) - owner = all(un.user_id == c.authuser.user_id + owner = all(un.user_id == request.authuser.user_id for un in no.notifications_to_users) if h.HasPermissionAny('hg.admin')() or owner: # deletes only notification2user - NotificationModel().mark_read(c.authuser.user_id, no) + NotificationModel().mark_read(request.authuser.user_id, no) Session().commit() return 'ok' except Exception: @@ -108,11 +108,11 @@ def delete(self, notification_id): try: no = Notification.get(notification_id) - owner = any(un.user_id == c.authuser.user_id + owner = any(un.user_id == request.authuser.user_id for un in no.notifications_to_users) if h.HasPermissionAny('hg.admin')() or owner: # deletes only notification2user - NotificationModel().delete(c.authuser.user_id, no) + NotificationModel().delete(request.authuser.user_id, no) Session().commit() return 'ok' except Exception: @@ -124,7 +124,7 @@ notification = Notification.get_or_404(notification_id) unotification = NotificationModel() \ - .get_user_notification(self.authuser.user_id, notification) + .get_user_notification(request.authuser.user_id, notification) # if this association to user is not valid, we don't want to show # this message @@ -136,5 +136,5 @@ Session().commit() c.notification = notification - c.user = self.authuser + c.user = request.authuser return render('admin/notifications/show_notification.html')
--- a/kallithea/controllers/admin/repo_groups.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/repo_groups.py Sat Dec 24 01:27:47 2016 +0100 @@ -100,9 +100,9 @@ return data def _revoke_perms_on_yourself(self, form_result): - _up = filter(lambda u: c.authuser.username == u[0], + _up = filter(lambda u: request.authuser.username == u[0], form_result['perms_updates']) - _new = filter(lambda u: c.authuser.username == u[0], + _new = filter(lambda u: request.authuser.username == u[0], form_result['perms_new']) if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin': return True @@ -163,7 +163,7 @@ group_name=form_result['group_name'], group_description=form_result['group_description'], parent=form_result['parent_group_id'], - owner=self.authuser.user_id, # TODO: make editable + owner=request.authuser.user_id, # TODO: make editable copy_permissions=form_result['group_copy_permissions'] ) Session().commit() @@ -358,7 +358,7 @@ c.repo_group = RepoGroupModel()._get_repo_group(group_name) valid_recursive_choices = ['none', 'repos', 'groups', 'all'] form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST) - if not c.authuser.is_admin: + if not request.authuser.is_admin: if self._revoke_perms_on_yourself(form_result): msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') @@ -372,8 +372,8 @@ form_result['perms_updates'], recursive) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('Repository group permissions updated'), category='success') raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name)) @@ -388,8 +388,8 @@ elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not c.authuser.is_admin: - if obj_type == 'user' and c.authuser.user_id == obj_id: + if not request.authuser.is_admin: + if obj_type == 'user' and request.authuser.user_id == obj_id: msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') raise Exception('revoke admin permission on self')
--- a/kallithea/controllers/admin/repos.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/repos.py Sat Dec 24 01:27:47 2016 +0100 @@ -121,7 +121,7 @@ # create is done sometimes async on celery, db transaction # management is handled there. - task = RepoModel().create(form_result, self.authuser.user_id) + task = RepoModel().create(form_result, request.authuser.user_id) task_id = task.task_id except formencode.Invalid as errors: log.info(errors) @@ -239,8 +239,8 @@ h.flash(_('Repository %s updated successfully') % repo_name, category='success') changed_name = repo.repo_name - action_logger(self.authuser, 'admin_updated_repo', - changed_name, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_updated_repo', + changed_name, request.ip_addr, self.sa) Session().commit() except formencode.Invalid as errors: log.info(errors) @@ -280,8 +280,8 @@ handle_forks = 'delete' h.flash(_('Deleted %s forks') % _forks, category='success') repo_model.delete(repo, forks=handle_forks) - action_logger(self.authuser, 'admin_deleted_repo', - repo_name, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_deleted_repo', + repo_name, request.ip_addr, self.sa) ScmModel().mark_for_invalidation(repo_name) h.flash(_('Deleted repository %s') % repo_name, category='success') Session().commit() @@ -332,8 +332,8 @@ RepoModel()._update_permissions(repo_name, form['perms_new'], form['perms_updates']) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('Repository permissions updated'), category='success') raise HTTPFound(location=url('edit_repo_perms', repo_name=repo_name)) @@ -354,8 +354,8 @@ repo=repo_name, group_name=obj_id ) #TODO: implement this - #action_logger(self.authuser, 'admin_revoked_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_revoked_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() except Exception: log.error(traceback.format_exc()) @@ -468,7 +468,7 @@ try: fork_id = request.POST.get('id_fork_of') repo = ScmModel().mark_as_fork(repo_name, fork_id, - self.authuser.username) + request.authuser.username) fork = repo.fork.repo_name if repo.fork else _('Nothing') Session().commit() h.flash(_('Marked repository %s as fork of %s') % (repo_name, fork), @@ -493,7 +493,7 @@ try: repo = Repository.get_by_repo_name(repo_name) if request.POST.get('set_lock'): - Repository.lock(repo, c.authuser.user_id) + Repository.lock(repo, request.authuser.user_id) h.flash(_('Repository has been locked'), category='success') elif request.POST.get('set_unlock'): Repository.unlock(repo) @@ -514,7 +514,7 @@ Repository.unlock(repo) h.flash(_('Repository has been unlocked'), category='success') else: - Repository.lock(repo, c.authuser.user_id) + Repository.lock(repo, request.authuser.user_id) h.flash(_('Repository has been locked'), category='success') except Exception as e: @@ -547,7 +547,7 @@ c.active = 'remote' if request.POST: try: - ScmModel().pull_changes(repo_name, self.authuser.username) + ScmModel().pull_changes(repo_name, request.authuser.username) h.flash(_('Pulled from remote location'), category='success') except Exception as e: log.error(traceback.format_exc())
--- a/kallithea/controllers/admin/settings.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/settings.py Sat Dec 24 01:27:47 2016 +0100 @@ -168,7 +168,7 @@ filesystem_repos = ScmModel().repo_scan() added, removed = repo2db_mapper(filesystem_repos, rm_obsolete, install_git_hooks=install_git_hooks, - user=c.authuser.username, + user=request.authuser.username, overwrite_git_hooks=overwrite_git_hooks) h.flash(h.literal(_('Repositories successfully rescanned. Added: %s. Removed: %s.') % (', '.join(h.link_to(safe_unicode(repo_name), h.url('summary_home', repo_name=repo_name))
--- a/kallithea/controllers/admin/user_groups.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/user_groups.py Sat Dec 24 01:27:47 2016 +0100 @@ -136,13 +136,13 @@ form_result = users_group_form.to_python(dict(request.POST)) ug = UserGroupModel().create(name=form_result['users_group_name'], description=form_result['user_group_description'], - owner=self.authuser.user_id, + owner=request.authuser.user_id, active=form_result['users_group_active']) gr = form_result['users_group_name'] - action_logger(self.authuser, + action_logger(request.authuser, 'admin_created_users_group:%s' % gr, - None, self.ip_addr, self.sa) + None, request.ip_addr, self.sa) h.flash(h.literal(_('Created user group %s') % h.link_to(h.escape(gr), url('edit_users_group', id=ug.users_group_id))), category='success') Session().commit() @@ -181,9 +181,9 @@ form_result = users_group_form.to_python(request.POST) UserGroupModel().update(c.user_group, form_result) gr = form_result['users_group_name'] - action_logger(self.authuser, + action_logger(request.authuser, 'admin_updated_users_group:%s' % gr, - None, self.ip_addr, self.sa) + None, request.ip_addr, self.sa) h.flash(_('Updated user group %s') % gr, category='success') Session().commit() except formencode.Invalid as errors: @@ -285,8 +285,8 @@ h.flash(_('Target group cannot be the same'), category='error') raise HTTPFound(location=url('edit_user_group_perms', id=id)) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('User group permissions updated'), category='success') raise HTTPFound(location=url('edit_user_group_perms', id=id)) @@ -301,8 +301,8 @@ elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not c.authuser.is_admin: - if obj_type == 'user' and c.authuser.user_id == obj_id: + if not request.authuser.is_admin: + if obj_type == 'user' and request.authuser.user_id == obj_id: msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') raise Exception('revoke admin permission on self')
--- a/kallithea/controllers/admin/users.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/admin/users.py Sat Dec 24 01:27:47 2016 +0100 @@ -121,8 +121,8 @@ try: form_result = user_form.to_python(dict(request.POST)) user = user_model.create(form_result) - action_logger(self.authuser, 'admin_created_user:%s' % user.username, - None, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_created_user:%s' % user.username, + None, request.ip_addr, self.sa) h.flash(_('Created user %s') % user.username, category='success') Session().commit() @@ -160,8 +160,8 @@ user_model.update(id, form_result, skip_attrs=skip_attrs) usr = form_result['username'] - action_logger(self.authuser, 'admin_updated_user:%s' % usr, - None, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_updated_user:%s' % usr, + None, request.ip_addr, self.sa) h.flash(_('User updated successfully'), category='success') Session().commit() except formencode.Invalid as errors: @@ -210,7 +210,6 @@ c.user = user c.active = 'profile' c.perm_user = AuthUser(dbuser=user) - c.ip_addr = self.ip_addr managed_fields = auth_modules.get_managed_fields(user) c.readonly = lambda n: 'readonly' if n in managed_fields else None return render('admin/users/user_edit.html') @@ -229,7 +228,6 @@ c.user = self._get_user_or_raise_if_default(id) c.active = 'advanced' c.perm_user = AuthUser(dbuser=c.user) - c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() @@ -298,7 +296,6 @@ c.user = self._get_user_or_raise_if_default(id) c.active = 'perms' c.perm_user = AuthUser(dbuser=c.user) - c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict()
--- a/kallithea/controllers/api/__init__.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/api/__init__.py Sat Dec 24 01:27:47 2016 +0100 @@ -109,7 +109,7 @@ def _handle_request(self, environ, start_response): start = time.time() - ip_addr = self.ip_addr = self._get_ip_addr(environ) + ip_addr = request.ip_addr = self._get_ip_addr(environ) self._req_id = None if 'CONTENT_LENGTH' not in environ: log.debug("No Content-Length") @@ -188,7 +188,7 @@ # this is little trick to inject logged in user for # perms decorators to work they expect the controller class to have # authuser attribute set - self.authuser = request.user = auth_u + request.authuser = request.user = auth_u # This attribute will need to be first param of a method that uses # api_key, which is translated to instance of user at that name
--- a/kallithea/controllers/api/api.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/api/api.py Sat Dec 24 01:27:47 2016 +0100 @@ -30,6 +30,8 @@ import logging from sqlalchemy import or_ +from pylons import request + from kallithea.controllers.api import JSONRPCController, JSONRPCError from kallithea.lib.auth import ( PasswordGenerator, AuthUser, HasPermissionAnyDecorator, @@ -145,7 +147,7 @@ """ API Controller - The authenticated user can be found as self.authuser. + The authenticated user can be found as request.authuser. Example function:: @@ -193,7 +195,7 @@ try: ScmModel().pull_changes(repo.repo_name, - self.authuser.username) + request.authuser.username) return dict( msg='Pulled from `%s`' % repo.repo_name, repository=repo.repo_name @@ -344,7 +346,7 @@ 'repository.write')(repo_name=repo.repo_name): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) @@ -352,7 +354,7 @@ raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) @@ -431,7 +433,7 @@ if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) @@ -484,11 +486,11 @@ """ if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) ips = UserIpMap.query().filter(UserIpMap.user == user).all() return dict( - server_ip_addr=self.ip_addr, + server_ip_addr=request.ip_addr, user_ips=ips ) @@ -559,13 +561,13 @@ if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) data = user.get_api_data() @@ -896,7 +898,7 @@ try: if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) active = Optional.extract(active) @@ -1270,7 +1272,7 @@ """ result = [] if not HasPermissionAny('hg.admin')(): - repos = RepoModel().get_all_user_repos(user=self.authuser.user_id) + repos = RepoModel().get_all_user_repos(user=request.authuser.user_id) else: repos = Repository.query() @@ -1404,7 +1406,7 @@ 'Only Kallithea admin can specify `owner` param' ) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) @@ -1603,7 +1605,7 @@ raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) @@ -1996,7 +1998,7 @@ raise JSONRPCError("repo group `%s` already exist" % (group_name,)) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id group_description = Optional.extract(description) parent_group = Optional.extract(parent) if not isinstance(parent, Optional): @@ -2380,7 +2382,7 @@ """ gist = get_gist_or_error(gistid) if not HasPermissionAny('hg.admin')(): - if gist.owner_id != self.authuser.user_id: + if gist.owner_id != request.authuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) return gist.get_api_data() @@ -2395,13 +2397,13 @@ if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) if isinstance(userid, Optional): - user_id = self.authuser.user_id + user_id = request.authuser.user_id else: user_id = get_user_or_error(userid).user_id @@ -2454,7 +2456,7 @@ """ try: if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) description = Optional.extract(description) @@ -2509,7 +2511,7 @@ """ gist = get_gist_or_error(gistid) if not HasPermissionAny('hg.admin')(): - if gist.owner_id != self.authuser.user_id: + if gist.owner_id != request.authuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) try:
--- a/kallithea/controllers/changeset.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/changeset.py Sat Dec 24 01:27:47 2016 +0100 @@ -179,7 +179,7 @@ comment = ChangesetCommentsModel().create( text=text, repo=c.db_repo.repo_id, - author=c.authuser.user_id, + author=request.authuser.user_id, revision=revision, pull_request=pull_request_id, f_path=f_path, @@ -387,7 +387,7 @@ ChangesetStatusModel().set_status( c.db_repo.repo_id, status, - c.authuser.user_id, + request.authuser.user_id, c.comment, revision=revision, dont_allow_on_closed_pull_request=True, @@ -396,9 +396,9 @@ log.debug('cannot change status on %s with closed pull request', revision) raise HTTPBadRequest() - action_logger(self.authuser, + action_logger(request.authuser, 'user_commented_revision:%s' % revision, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) Session().commit() @@ -421,7 +421,7 @@ co = ChangesetComment.get_or_404(comment_id) if co.repo.repo_name != repo_name: raise HTTPNotFound() - owner = co.author_id == c.authuser.user_id + owner = co.author_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(repo_name) if h.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co)
--- a/kallithea/controllers/files.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/files.py Sat Dec 24 01:27:47 2016 +0100 @@ -327,7 +327,7 @@ c.default_message = _('Deleted file %s via Kallithea') % (f_path) c.f_path = f_path node_path = f_path - author = self.authuser.full_contact + author = request.authuser.full_contact if r_post: message = r_post.get('message') or c.default_message @@ -339,7 +339,7 @@ } } self.scm_model.delete_nodes( - user=c.authuser.user_id, repo=c.db_repo, + user=request.authuser.user_id, repo=c.db_repo, message=message, nodes=nodes, parent_cs=c.cs, @@ -400,7 +400,7 @@ content = convert_line_endings(r_post.get('content', ''), mode) message = r_post.get('message') or c.default_message - author = self.authuser.full_contact + author = request.authuser.full_contact if content == old_content: h.flash(_('No changes'), category='warning') @@ -409,7 +409,7 @@ try: self.scm_model.commit_change(repo=c.db_repo_scm_instance, repo_name=repo_name, cs=c.cs, - user=self.authuser.user_id, + user=request.authuser.user_id, author=author, message=message, content=content, f_path=f_path) h.flash(_('Successfully committed to %s') % f_path, @@ -470,7 +470,7 @@ #strip all crap out of file, just leave the basename filename = os.path.basename(filename) node_path = posixpath.join(location, filename) - author = self.authuser.full_contact + author = request.authuser.full_contact try: nodes = { @@ -479,7 +479,7 @@ } } self.scm_model.create_nodes( - user=c.authuser.user_id, repo=c.db_repo, + user=request.authuser.user_id, repo=c.db_repo, message=message, nodes=nodes, parent_cs=c.cs, @@ -582,9 +582,9 @@ log.debug('Destroying temp archive %s', archive_path) os.remove(archive_path) - action_logger(user=c.authuser, + action_logger(user=request.authuser, action='user_downloaded_archive:%s' % (archive_name), - repo=repo_name, ipaddr=self.ip_addr, commit=True) + repo=repo_name, ipaddr=request.ip_addr, commit=True) response.content_disposition = str('attachment; filename=%s' % (archive_name)) response.content_type = str(content_type)
--- a/kallithea/controllers/forks.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/forks.py Sat Dec 24 01:27:47 2016 +0100 @@ -168,7 +168,7 @@ # create fork is done sometimes async on celery, db transaction # management is handled there. - task = RepoModel().create_fork(form_result, self.authuser.user_id) + task = RepoModel().create_fork(form_result, request.authuser.user_id) task_id = task.task_id except formencode.Invalid as errors: return htmlfill.render(
--- a/kallithea/controllers/journal.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/journal.py Sat Dec 24 01:27:47 2016 +0100 @@ -196,9 +196,9 @@ def index(self): # Return a rendered template p = safe_int(request.GET.get('page'), 1) - c.user = User.get(self.authuser.user_id) + c.user = User.get(request.authuser.user_id) c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -214,7 +214,7 @@ return render('journal/journal_data.html') repos_list = Repository.query(sorted=True) \ - .filter_by(owner_id=self.authuser.user_id).all() + .filter_by(owner_id=request.authuser.user_id).all() repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list, admin=True) @@ -230,7 +230,7 @@ Produce an atom-1.0 feed via feedgenerator module """ following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() return self._atom_feed(following, public=False) @@ -242,7 +242,7 @@ Produce an rss feed via feedgenerator module """ following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() return self._rss_feed(following, public=False) @@ -254,7 +254,7 @@ if user_id: try: self.scm_model.toggle_following_user(user_id, - self.authuser.user_id) + request.authuser.user_id) Session.commit() return 'ok' except Exception: @@ -265,7 +265,7 @@ if repo_id: try: self.scm_model.toggle_following_repo(repo_id, - self.authuser.user_id) + request.authuser.user_id) Session.commit() return 'ok' except Exception: @@ -280,7 +280,7 @@ p = safe_int(request.GET.get('page'), 1) c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -301,7 +301,7 @@ Produce an atom-1.0 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -313,7 +313,7 @@ Produce an rss2 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all()
--- a/kallithea/controllers/login.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/login.py Sat Dec 24 01:27:47 2016 +0100 @@ -79,10 +79,10 @@ else: c.came_from = url('home') - ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr) + ip_allowed = AuthUser.check_ip_allowed(request.authuser, request.ip_addr) # redirect if already logged in - if self.authuser.is_authenticated and ip_allowed: + if request.authuser.is_authenticated and ip_allowed: raise HTTPFound(location=c.came_from) if request.POST: @@ -139,7 +139,7 @@ response = submit(request.POST.get('recaptcha_challenge_field'), request.POST.get('recaptcha_response_field'), private_key=captcha_private_key, - remoteip=self.ip_addr) + remoteip=request.ip_addr) if c.captcha_active and not response.is_valid: _value = form_result _msg = _('Bad captcha') @@ -185,7 +185,7 @@ response = submit(request.POST.get('recaptcha_challenge_field'), request.POST.get('recaptcha_response_field'), private_key=captcha_private_key, - remoteip=self.ip_addr) + remoteip=request.ip_addr) if c.captcha_active and not response.is_valid: _value = form_result _msg = _('Bad captcha')
--- a/kallithea/controllers/pullrequests.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/pullrequests.py Sat Dec 24 01:27:47 2016 +0100 @@ -181,13 +181,13 @@ if pull_request.is_closed(): return False - owner = self.authuser.user_id == pull_request.owner_id + owner = request.authuser.user_id == pull_request.owner_id reviewer = PullRequestReviewer.query() \ .filter(PullRequestReviewer.pull_request == pull_request) \ - .filter(PullRequestReviewer.user_id == self.authuser.user_id) \ + .filter(PullRequestReviewer.user_id == request.authuser.user_id) \ .count() != 0 - return self.authuser.admin or owner or reviewer + return request.authuser.admin or owner or reviewer @LoginRequired() @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', @@ -216,17 +216,17 @@ c.my_pull_requests = PullRequest.query( include_closed=c.closed, sorted=True, - ).filter_by(owner_id=self.authuser.user_id).all() + ).filter_by(owner_id=request.authuser.user_id).all() c.participate_in_pull_requests = [] c.participate_in_pull_requests_todo = [] done_status = set([ChangesetStatus.STATUS_APPROVED, ChangesetStatus.STATUS_REJECTED]) for pr in PullRequest.query( include_closed=c.closed, - reviewer_id=self.authuser.user_id, + reviewer_id=request.authuser.user_id, sorted=True, ): - status = pr.user_review_status(c.authuser.user_id) # very inefficient!!! + status = pr.user_review_status(request.authuser.user_id) # very inefficient!!! if status in done_status: c.participate_in_pull_requests.append(pr) else: @@ -380,7 +380,7 @@ other_repo_name, h.short_ref(other_ref_type, other_ref_name)) description = _form['pullrequest_desc'].strip() or _('No description') try: - created_by = User.get(self.authuser.user_id) + created_by = User.get(request.authuser.user_id) pull_request = PullRequestModel().create( created_by, org_repo, org_ref, other_repo, other_ref, revisions, title, description, reviewer_ids) @@ -482,7 +482,7 @@ description += '\n\n' + descriptions[1].strip() try: - created_by = User.get(self.authuser.user_id) + created_by = User.get(request.authuser.user_id) pull_request = PullRequestModel().create( created_by, org_repo, new_org_ref, other_repo, new_other_ref, revisions, title, description, reviewer_ids) @@ -498,7 +498,7 @@ ChangesetCommentsModel().create( text=_('Closed, next iteration: %s .') % pull_request.url(canonical=True), repo=old_pull_request.other_repo_id, - author=c.authuser.user_id, + author=request.authuser.user_id, pull_request=old_pull_request.pull_request_id, closing_pr=True) PullRequestModel().close_pull_request(old_pull_request.pull_request_id) @@ -520,7 +520,7 @@ raise HTTPForbidden() assert pull_request.other_repo.repo_name == repo_name #only owner or admin can update it - owner = pull_request.owner_id == c.authuser.user_id + owner = pull_request.owner_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): raise HTTPForbidden() @@ -552,7 +552,7 @@ pull_request.title = _form['pullrequest_title'] pull_request.description = _form['pullrequest_desc'].strip() or _('No description') pull_request.owner = User.get_by_username(_form['owner']) - user = User.get(c.authuser.user_id) + user = User.get(request.authuser.user_id) add_reviewer_ids = reviewer_ids - org_reviewer_ids - current_reviewer_ids remove_reviewer_ids = (org_reviewer_ids - reviewer_ids) & current_reviewer_ids try: @@ -576,7 +576,7 @@ def delete(self, repo_name, pull_request_id): pull_request = PullRequest.get_or_404(pull_request_id) #only owner can delete it ! - if pull_request.owner_id == c.authuser.user_id: + if pull_request.owner_id == request.authuser.user_id: PullRequestModel().delete(pull_request) Session().commit() h.flash(_('Successfully deleted pull request'), @@ -798,7 +798,7 @@ raise HTTPForbidden() if delete == "delete": - if (pull_request.owner_id == c.authuser.user_id or + if (pull_request.owner_id == request.authuser.user_id or h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(pull_request.org_repo.repo_name) or h.HasRepoPermissionAny('repository.admin')(pull_request.other_repo.repo_name) @@ -824,24 +824,24 @@ closing_pr=close_pr, ) - action_logger(self.authuser, + action_logger(request.authuser, 'user_commented_pull_request:%s' % pull_request_id, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) if status: ChangesetStatusModel().set_status( c.db_repo.repo_id, status, - c.authuser.user_id, + request.authuser.user_id, comment, pull_request=pull_request_id ) if close_pr: PullRequestModel().close_pull_request(pull_request_id) - action_logger(self.authuser, + action_logger(request.authuser, 'user_closed_pull_request:%s' % pull_request_id, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) Session().commit() @@ -870,7 +870,7 @@ #don't allow deleting comments on closed pull request raise HTTPForbidden() - owner = co.author_id == c.authuser.user_id + owner = co.author_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) if h.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co)
--- a/kallithea/controllers/summary.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/controllers/summary.py Sat Dec 24 01:27:47 2016 +0100 @@ -112,10 +112,10 @@ def index(self, repo_name): _load_changelog_summary() - if self.authuser.is_default_user: + if request.authuser.is_default_user: username = '' else: - username = safe_str(self.authuser.username) + username = safe_str(request.authuser.username) _def_clone_uri = _def_clone_uri_by_id = c.clone_uri_tmpl if '{repo}' in _def_clone_uri:
--- a/kallithea/lib/auth.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/lib/auth.py Sat Dec 24 01:27:47 2016 +0100 @@ -732,12 +732,12 @@ def __wrapper(self, func, *fargs, **fkwargs): controller = fargs[0] - user = controller.authuser + user = request.authuser loc = "%s:%s" % (controller.__class__.__name__, func.__name__) log.debug('Checking access for user %s @ %s', user, loc) - if not AuthUser.check_ip_allowed(user, controller.ip_addr): - raise _redirect_to_login(_('IP %s not allowed') % controller.ip_addr) + if not AuthUser.check_ip_allowed(user, request.ip_addr): + raise _redirect_to_login(_('IP %s not allowed') % request.ip_addr) # Check if we used an API key to authenticate. api_key = user.authenticating_api_key @@ -782,7 +782,7 @@ def __wrapper(self, func, *fargs, **fkwargs): cls = fargs[0] - self.user = cls.authuser + self.user = request.authuser log.debug('Checking if user is not anonymous @%s', cls) @@ -805,7 +805,7 @@ def __wrapper(self, func, *fargs, **fkwargs): cls = fargs[0] - self.user = cls.authuser + self.user = request.authuser self.user_perms = self.user.permissions log.debug('checking %s permissions %s for %s %s', self.__class__.__name__, self.required_perms, cls, self.user)
--- a/kallithea/lib/base.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/lib/base.py Sat Dec 24 01:27:47 2016 +0100 @@ -188,7 +188,6 @@ # authenticate this VCS request using the authentication modules self.authenticate = BasicAuth('', auth_modules.authenticate, config.get('auth_ret_code')) - self.ip_addr = '0.0.0.0' def _handle_request(self, environ, start_response): raise NotImplementedError() @@ -358,11 +357,11 @@ c.repo_name = get_repo_slug(request) # can be empty c.backends = BACKENDS.keys() c.unread_notifications = NotificationModel() \ - .get_unread_cnt_for_user(c.authuser.user_id) + .get_unread_cnt_for_user(request.authuser.user_id) self.cut_off_limit = safe_int(config.get('cut_off_limit')) - c.my_pr_count = PullRequest.query(reviewer_id=c.authuser.user_id, include_closed=False).count() + c.my_pr_count = PullRequest.query(reviewer_id=request.authuser.user_id, include_closed=False).count() self.sa = meta.Session self.scm_model = ScmModel(self.sa) @@ -460,7 +459,7 @@ # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] try: - self.ip_addr = _get_ip_addr(environ) + request.ip_addr = _get_ip_addr(environ) # make sure that we update permissions each time we call controller self._basic_security_checks() @@ -477,14 +476,14 @@ if type.lower() == 'bearer': bearer_token = params - self.authuser = c.authuser = request.user = self._determine_auth_user( + request.authuser = request.user = self._determine_auth_user( request.GET.get('api_key'), bearer_token, session.get('authuser'), ) log.info('IP: %s User: %s accessed %s', - self.ip_addr, self.authuser, + request.ip_addr, request.authuser, safe_unicode(_get_access_path(environ)), ) return WSGIController.__call__(self, environ, start_response) @@ -542,7 +541,7 @@ c.repository_forks = self.scm_model.get_forks(dbr) c.repository_pull_requests = self.scm_model.get_pull_requests(dbr) c.repository_following = self.scm_model.is_following_repo( - c.repo_name, self.authuser.user_id) + c.repo_name, request.authuser.user_id) @staticmethod def _get_ref_rev(repo, ref_type, ref_name, returnempty=False):
--- a/kallithea/model/repo.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/model/repo.py Sat Dec 24 01:27:47 2016 +0100 @@ -166,14 +166,14 @@ @classmethod def _render_datatable(cls, tmpl, *args, **kwargs): import kallithea - from pylons import tmpl_context as c + from pylons import tmpl_context as c, request from pylons.i18n.translation import _ _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') tmpl = template.get_def(tmpl) - kwargs.update(dict(_=_, h=h, c=c)) + kwargs.update(dict(_=_, h=h, c=c, request=request)) return tmpl.render(*args, **kwargs) def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True,
--- a/kallithea/templates/admin/gists/edit.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/gists/edit.html Sat Dec 24 01:27:47 2016 +0100 @@ -45,7 +45,7 @@ <div id="files_data"> ${h.form(h.url('edit_gist', gist_id=c.gist.gist_access_id), method='post', id='eform')} <div> - ${h.gravatar_div(c.authuser.email, size=32)} + ${h.gravatar_div(request.authuser.email, size=32)} <input type="hidden" value="${c.file_changeset.raw_id}" name="parent_hash"> <textarea style="resize:vertical; width:400px;border: 1px solid #ccc;border-radius: 3px;" id="description" name="description"
--- a/kallithea/templates/admin/gists/index.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/gists/index.html Sat Dec 24 01:27:47 2016 +0100 @@ -3,9 +3,9 @@ <%block name="title"> %if c.show_private: - ${_('Private Gists for User %s') % c.authuser.username} + ${_('Private Gists for User %s') % request.authuser.username} %elif c.show_public: - ${_('Public Gists for User %s') % c.authuser.username} + ${_('Public Gists for User %s') % request.authuser.username} %else: ${_('Public Gists')} %endif @@ -13,9 +13,9 @@ <%def name="breadcrumbs_links()"> %if c.show_private: - ${_('Private Gists for User %s') % c.authuser.username} + ${_('Private Gists for User %s') % request.authuser.username} %elif c.show_public: - ${_('Public Gists for User %s') % c.authuser.username} + ${_('Public Gists for User %s') % request.authuser.username} %else: ${_('Public Gists')} %endif @@ -32,7 +32,7 @@ <div class="pull-left"> ${self.breadcrumbs()} </div> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <div class="pull-right"> <a href="${h.url('new_gist')}" class="btn btn-success btn-xs"><i class="icon-plus"></i> ${_('Create New Gist')}</a> </div>
--- a/kallithea/templates/admin/gists/new.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/gists/new.html Sat Dec 24 01:27:47 2016 +0100 @@ -32,7 +32,7 @@ <div id="files_data"> ${h.form(h.url('gists'), method='post',id='eform')} <div> - ${h.gravatar_div(c.authuser.email, size=32)} + ${h.gravatar_div(request.authuser.email, size=32)} <textarea style="resize:vertical; width:400px;border: 1px solid #ccc;border-radius: 3px;" id="description" name="description" placeholder="${_('Gist description ...')}"></textarea> <div> <label>
--- a/kallithea/templates/admin/gists/show.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/gists/show.html Sat Dec 24 01:27:47 2016 +0100 @@ -20,7 +20,7 @@ <div class="pull-left"> ${self.breadcrumbs()} </div> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <div class="pull-right"> <a href="${h.url('new_gist')}" class="btn btn-success btn-sm"><i class="icon-plus"></i> ${_('Create New Gist')}</a> </div> @@ -49,7 +49,7 @@ %endif </div> - %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == c.authuser.user_id: + %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == request.authuser.user_id: <div style="float:right"> ${h.form(url('gist_delete', gist_id=c.gist.gist_id))} ${h.submit('remove_gist', _('Delete'),class_="btn btn-danger btn-xs",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")} @@ -58,7 +58,7 @@ %endif <div class="buttons"> ## only owner should see that - %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == c.authuser.user_id: + %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == request.authuser.user_id: ${h.link_to(_('Edit'),h.url('edit_gist', gist_id=c.gist.gist_access_id),class_="btn btn-default btn-xs")} %endif ${h.link_to(_('Show as Raw'),h.url('formatted_gist', gist_id=c.gist.gist_access_id, format='raw'),class_="btn btn-default btn-xs")}
--- a/kallithea/templates/admin/my_account/my_account.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/my_account/my_account.html Sat Dec 24 01:27:47 2016 +0100 @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('My Account')} ${c.authuser.username} + ${_('My Account')} ${request.authuser.username} </%block> <%def name="breadcrumbs_links()">
--- a/kallithea/templates/admin/my_account/my_account_profile.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/my_account/my_account_profile.html Sat Dec 24 01:27:47 2016 +0100 @@ -11,7 +11,7 @@ %else: <strong>${_('Avatars are disabled')}</strong> <br/>${c.user.email or _('Missing email, please update your user email address.')} - [${_('Current IP')}: ${c.ip_addr}] + [${_('Current IP')}: ${request.ip_addr}] %endif </p> </div>
--- a/kallithea/templates/admin/notifications/notifications.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/notifications/notifications.html Sat Dec 24 01:27:47 2016 +0100 @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('My Notifications')} ${c.authuser.username} + ${_('My Notifications')} ${request.authuser.username} </%block> <%def name="breadcrumbs_links()">
--- a/kallithea/templates/admin/notifications/show_notification.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/notifications/show_notification.html Sat Dec 24 01:27:47 2016 +0100 @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('Show Notification')} ${c.authuser.username} + ${_('Show Notification')} ${request.authuser.username} </%block> <%def name="breadcrumbs_links()">
--- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Sat Dec 24 01:27:47 2016 +0100 @@ -15,7 +15,7 @@ %for r2p in c.repo_group.repo_group_to_perm: ##forbid revoking permission from yourself, except if you're an super admin <tr id="id${id(r2p.user.username)}"> - %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin: + %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td> <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td> <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>
--- a/kallithea/templates/admin/repos/repo_add.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/repos/repo_add.html Sat Dec 24 01:27:47 2016 +0100 @@ -6,7 +6,7 @@ </%block> <%def name="breadcrumbs_links()"> - %if c.authuser.is_admin: + %if request.authuser.is_admin: ${h.link_to(_('Admin'),h.url('admin_home'))} » ${h.link_to(_('Repositories'),h.url('repos'))}
--- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html Sat Dec 24 01:27:47 2016 +0100 @@ -15,7 +15,7 @@ %for r2p in c.user_group.user_user_group_to_perm: ##forbid revoking permission from yourself, except if you're an super admin <tr id="id${id(r2p.user.username)}"> - %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin: + %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')}</td> <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')}</td> <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')}</td>
--- a/kallithea/templates/admin/users/user_edit_profile.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/admin/users/user_edit_profile.html Sat Dec 24 01:27:47 2016 +0100 @@ -11,8 +11,8 @@ <strong>${_('Avatars are disabled')}</strong> <br/>${c.user.email or _('Missing email, please update this user email address.')} ##show current ip just if we show ourself - %if c.authuser.username == c.user.username: - [${_('Current IP')}: ${c.ip_addr}] + %if request.authuser.username == c.user.username: + [${_('Current IP')}: ${request.ip_addr}] %endif %endif </div>
--- a/kallithea/templates/base/base.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/base/base.html Sat Dec 24 01:27:47 2016 +0100 @@ -153,7 +153,7 @@ %endif ## TODO: this check feels wrong, it would be better to have a check for permissions ## also it feels like a job for the controller - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <li> <a href="#" class="${'following' if c.repository_following else 'follow'}" onclick="toggleFollowingRepo(this, ${c.db_repo.repo_id});"> <span class="show-follow ${'hidden' if c.repository_following else ''}"><i class="icon-heart-empty"></i> ${_('Follow')}</span> @@ -283,7 +283,7 @@ </li> ##ROOT MENU - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <li class="${'active' if current == 'journal' else ''}"> <a class="menu_link" title="${_('Show recent activity')}" href="${h.url('journal')}"> <i class="icon-book"></i> ${_('Journal')} @@ -303,7 +303,7 @@ <ul class="dropdown-menu" role="menu"> <li><a href="${h.url('new_gist', public=1)}"><i class="icon-paste"></i> ${_('Create New Gist')}</a></li> <li><a href="${h.url('gists')}"><i class="icon-globe"></i> ${_('All Public Gists')}</a></li> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <li><a href="${h.url('gists', public=1)}"><i class="icon-user"></i> ${_('My Public Gists')}</a></li> <li><a href="${h.url('gists', private=1)}"><i class="icon-keyhole-circled"></i> ${_('My Private Gists')}</a></li> %endif @@ -321,14 +321,14 @@ </a> ${admin_menu()} </li> - % elif c.authuser.repositories_admin or c.authuser.repository_groups_admin or c.authuser.user_groups_admin: + % elif request.authuser.repositories_admin or request.authuser.repository_groups_admin or request.authuser.user_groups_admin: <li class="${'active' if current == 'admin' else ''} dropdown"> <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" title="${_('Admin')}"> <i class="icon-gear"></i> ${_('Admin')} </a> - ${admin_menu_simple(c.authuser.repositories_admin, - c.authuser.repository_groups_admin, - c.authuser.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')())} + ${admin_menu_simple(request.authuser.repositories_admin, + request.authuser.repository_groups_admin, + request.authuser.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')())} </li> % endif @@ -345,15 +345,15 @@ <li class="dropdown"> <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" id="quick_login_link" aria-expanded="false" aria-controls="quick_login" - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': href="${h.url('notifications')}" %else: href="#" %endif > - ${h.gravatar_div(c.authuser.email, size=20, div_class="icon")} - %if c.authuser.username != 'default': - <span class="menu_link_user">${c.authuser.username}</span> + ${h.gravatar_div(request.authuser.email, size=20, div_class="icon")} + %if request.authuser.username != 'default': + <span class="menu_link_user">${request.authuser.username}</span> %if c.unread_notifications != 0: <span class="badge">${c.unread_notifications}</span> %endif @@ -364,7 +364,7 @@ <div class="dropdown-menu user-menu" role="menu"> <div id="quick_login" role="form" aria-describedby="quick_login_h" aria-hidden="true" class="container-fluid"> - %if c.authuser.username == 'default' or c.authuser.user_id is None: + %if request.authuser.username == 'default' or request.authuser.user_id is None: <h4 id="quick_login_h">${_('Login to Your Account')}</h4> ${h.form(h.url('login_home', came_from=request.path_qs))} <div class="form"> @@ -402,14 +402,14 @@ ${h.end_form()} %else: <div class="pull-left"> - ${h.gravatar_div(c.authuser.email, size=48, div_class="big_gravatar")} - <b class="full_name">${c.authuser.full_name_or_username}</b> - <div class="email">${c.authuser.email}</div> + ${h.gravatar_div(request.authuser.email, size=48, div_class="big_gravatar")} + <b class="full_name">${request.authuser.full_name_or_username}</b> + <div class="email">${request.authuser.email}</div> </div> <div id="quick_login_h" class="pull-right list-group text-right"> <a class="list-group-item" href="${h.url('notifications')}">${_('Notifications')}: ${c.unread_notifications}</a> ${h.link_to(_('My Account'),h.url('my_account'),class_='list-group-item')} - %if not c.authuser.is_external_auth: + %if not request.authuser.is_external_auth: ## Cannot log out if using external (container) authentication. ${h.link_to(_('Log Out'), h.url('logout_home'),class_='list-group-item')} %endif
--- a/kallithea/templates/changeset/changeset_file_comment.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/changeset/changeset_file_comment.html Sat Dec 24 01:27:47 2016 +0100 @@ -24,7 +24,7 @@ <a class="permalink" href="${co.url()}">¶</a> </span> - %if co.author_id == c.authuser.user_id or h.HasRepoPermissionAny('repository.admin')(c.repo_name): + %if co.author_id == request.authuser.user_id or h.HasRepoPermissionAny('repository.admin')(c.repo_name): %if co.deletable(): <div onClick="confirm('${_('Delete comment?')}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-default btn-xs" style="margin:0 5px">${_('Delete')}</div> %endif @@ -51,7 +51,7 @@ <%def name="comment_inline_form()"> <div id='comment-inline-form-template' style="display:none"> <div class="ac"> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': ${h.form('#', class_='inline-form')} <div class="well well-sm clearfix"> <div class="comment-help">${_('Commenting on line.')} @@ -81,7 +81,7 @@ %if c.pull_request is not None and ( \ h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) \ - or c.pull_request.owner_id == c.authuser.user_id): + or c.pull_request.owner_id == request.authuser.user_id): <div> ${_('Finish pull request')}: <label class="checkbox-inline">
--- a/kallithea/templates/data_table/_dt_elements.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/data_table/_dt_elements.html Sat Dec 24 01:27:47 2016 +0100 @@ -53,16 +53,16 @@ </%def> <%def name="rss(name)"> - %if c.authuser.username != 'default': - <a title="${_('Subscribe to %s rss feed')% name}" href="${h.url('rss_feed_home',repo_name=name,api_key=c.authuser.api_key)}"><i class="icon-rss-squared"></i></a> + %if request.authuser.username != 'default': + <a title="${_('Subscribe to %s rss feed')% name}" href="${h.url('rss_feed_home',repo_name=name,api_key=request.authuser.api_key)}"><i class="icon-rss-squared"></i></a> %else: <a title="${_('Subscribe to %s rss feed')% name}" href="${h.url('rss_feed_home',repo_name=name)}"><i class="icon-rss-squared"></i></a> %endif </%def> <%def name="atom(name)"> - %if c.authuser.username != 'default': - <a title="${_('Subscribe to %s atom feed')% name}" href="${h.url('atom_feed_home',repo_name=name,api_key=c.authuser.api_key)}"><i class="icon-rss-squared"></i></a> + %if request.authuser.username != 'default': + <a title="${_('Subscribe to %s atom feed')% name}" href="${h.url('atom_feed_home',repo_name=name,api_key=request.authuser.api_key)}"><i class="icon-rss-squared"></i></a> %else: <a title="${_('Subscribe to %s atom feed')% name}" href="${h.url('atom_feed_home',repo_name=name)}"><i class="icon-rss-squared"></i></a> %endif
--- a/kallithea/templates/index_base.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/index_base.html Sat Dec 24 01:27:47 2016 +0100 @@ -11,7 +11,7 @@ %endif </div> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <ul class="pull-right links"> <li> <%
--- a/kallithea/templates/journal/journal.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/journal/journal.html Sat Dec 24 01:27:47 2016 +0100 @@ -15,8 +15,8 @@ ${self.menu('journal')} </%block> <%block name="head_extra"> - <link href="${h.url('journal_atom', api_key=c.authuser.api_key)}" rel="alternate" title="${_('ATOM journal feed')}" type="application/atom+xml" /> - <link href="${h.url('journal_rss', api_key=c.authuser.api_key)}" rel="alternate" title="${_('RSS journal feed')}" type="application/rss+xml" /> + <link href="${h.url('journal_atom', api_key=request.authuser.api_key)}" rel="alternate" title="${_('ATOM journal feed')}" type="application/atom+xml" /> + <link href="${h.url('journal_rss', api_key=request.authuser.api_key)}" rel="alternate" title="${_('RSS journal feed')}" type="application/rss+xml" /> </%block> <%def name="main()"> @@ -29,7 +29,7 @@ <a href="${h.url('my_account_watched')}"><i class="icon-eye"></i> ${_('Watched Repositories')}</a> <a href="${h.url('my_account_repos')}"><i class="icon-database"></i> ${_('My Repositories')}</a> <a id="refresh" href="${h.url('journal')}"><i class="icon-arrows-cw"></i></a> - <a href="${h.url('journal_atom', api_key=c.authuser.api_key)}"><i class="icon-rss-squared"></i></a> + <a href="${h.url('journal_atom', api_key=request.authuser.api_key)}"><i class="icon-rss-squared"></i></a> </div> </div> <div id="journal" class="panel-body">
--- a/kallithea/templates/pullrequests/pullrequest_data.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/pullrequests/pullrequest_data.html Sat Dec 24 01:27:47 2016 +0100 @@ -23,7 +23,7 @@ % for pr in pullrequests: <tr class="${'pr-closed' if pr.is_closed() else ''}"> <td width="80px"> - <% status = pr.user_review_status(c.authuser.user_id) %> + <% status = pr.user_review_status(request.authuser.user_id) %> %if status: <i class="icon-circle changeset-status-${status}" title="${_('You voted: %s') % h.changeset_status_lbl(status)}"></i> %else: @@ -59,7 +59,7 @@ </a> </td> <td style="text-align:right"> - %if pr.owner_id == c.authuser.user_id: + %if pr.owner_id == request.authuser.user_id: ${h.form(url('pullrequest_delete', repo_name=pr.other_repo.repo_name, pull_request_id=pr.pull_request_id), style="display:inline-block")} <button class="btn btn-default btn-xs" id="remove_${pr.pull_request_id}"
--- a/kallithea/templates/pullrequests/pullrequest_show.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/pullrequests/pullrequest_show.html Sat Dec 24 01:27:47 2016 +0100 @@ -15,7 +15,7 @@ </%block> <%def name="main()"> -<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or c.pull_request.owner_id == c.authuser.user_id) %> +<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or c.pull_request.owner_id == request.authuser.user_id) %> ${self.repo_context_bar('showpullrequest')} <div class="panel panel-primary"> <div class="panel-heading clearfix">
--- a/kallithea/templates/pullrequests/pullrequest_show_all.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/pullrequests/pullrequest_show_all.html Sat Dec 24 01:27:47 2016 +0100 @@ -27,7 +27,7 @@ ${self.breadcrumbs()} </div> <div class="pull-right"> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <a id="open_new_pr" class="btn btn-success btn-xs" href="${h.url('pullrequest_home',repo_name=c.repo_name)}"><i class="icon-plus"></i> ${_('Open New Pull Request')}</a> %endif %if c.from_:
--- a/kallithea/templates/summary/statistics.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/summary/statistics.html Sat Dec 24 01:27:47 2016 +0100 @@ -13,8 +13,8 @@ </%block> <%block name="head_extra"> - <link href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=c.authuser.api_key)}" rel="alternate" title="${_('%s ATOM feed') % c.repo_name}" type="application/atom+xml" /> - <link href="${h.url('rss_feed_home',repo_name=c.db_repo.repo_name,api_key=c.authuser.api_key)}" rel="alternate" title="${_('%s RSS feed') % c.repo_name}" type="application/rss+xml" /> + <link href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=request.authuser.api_key)}" rel="alternate" title="${_('%s ATOM feed') % c.repo_name}" type="application/atom+xml" /> + <link href="${h.url('rss_feed_home',repo_name=c.db_repo.repo_name,api_key=request.authuser.api_key)}" rel="alternate" title="${_('%s RSS feed') % c.repo_name}" type="application/rss+xml" /> </%block> <%def name="main()">
--- a/kallithea/templates/summary/summary.html Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/templates/summary/summary.html Sat Dec 24 01:27:47 2016 +0100 @@ -36,8 +36,8 @@ </%block> <%block name="head_extra"> - <link href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=c.authuser.api_key)}" rel="alternate" title="${_('%s ATOM feed') % c.repo_name}" type="application/atom+xml" /> - <link href="${h.url('rss_feed_home',repo_name=c.db_repo.repo_name,api_key=c.authuser.api_key)}" rel="alternate" title="${_('%s RSS feed') % c.repo_name}" type="application/rss+xml" /> + <link href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=request.authuser.api_key)}" rel="alternate" title="${_('%s ATOM feed') % c.repo_name}" type="application/atom+xml" /> + <link href="${h.url('rss_feed_home',repo_name=c.db_repo.repo_name,api_key=request.authuser.api_key)}" rel="alternate" title="${_('%s RSS feed') % c.repo_name}" type="application/rss+xml" /> <script> redirect_hash_branch = function(){ @@ -141,7 +141,7 @@ </a> </li> - %if c.authuser.username != 'default': + %if request.authuser.username != 'default': <li class="repo_size clearfix"> <a href="#" onclick="javascript:showRepoSize('repo_size_2','${c.db_repo.repo_name}')"><i class="icon-ruler"></i> ${_('Repository Size')}</a> <span class="stats-bullet" id="repo_size_2"></span> @@ -149,8 +149,8 @@ %endif <li> - %if c.authuser.username != 'default': - <a href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=c.authuser.api_key)}"><i class="icon-rss-squared"></i> ${_('Feed')}</a> + %if request.authuser.username != 'default': + <a href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=request.authuser.api_key)}"><i class="icon-rss-squared"></i> ${_('Feed')}</a> %else: <a href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name)}"><i class="icon-rss-squared"></i> ${_('Feed')}</a> %endif